Google is pushing Google Analytics users to update to their Universal Analytics implementation so it’s time to take a quick look into the changes that are coming with it in regards to privacy regulation compliance. Universal Analytics will eventually replace the prior technology.

How to set up Universal Analytics

Here’s a basic guide on how to set up Universal Analytics by Google. What we are interested in is the User ID part. User ID is core to the new possibilities in Universal Analytics. Universal Analytics allows the connecting of various sessions to one user and therefore allows you to track the activity on your property more accurately.

Google explains it like this:

The User ID is a Universal Analytics feature that you can use to associate multiple sessions (and any activity within those sessions) with a unique ID. When you send an unique ID and any related engagement data to Google Analytics, all activity is attributed to one user in your reports. With the User ID, you can get a more accurate user count, analyze the signed-in user experience, and get access to the new Cross Device reports. Learn more about the User ID.

In the first step of the setup flow you will find a toggle and you’ll switch it to ON to indicate that you’ve read and agreed to the User ID Policy. This enables the User ID feature in your account.

Google stresses the fact that it hasn’t changed its privacy stance. The existing safeguards like IP masking, the Google Analytics browser opt-out add-on, data confidentiality, and security still work on the new analytics.js. Additionally, the information stored in the local first-party cookie is reduced for the new analytics.js, the snippet can be implemented without a need for a cookie at all.

About User ID and privacy

The User ID feature processes pseudonymous data which presumably in many cases will only be legitimate in the case that the particular user had not objected to that kind of processing priorly. The user needs to be advised on their right to opt-out from this sort of data processing.

Google themselves impose the following requirements onto the user:

You will give your end users proper notice about the implementations and features of Google Analytics you use (e.g. notice about what data you will collect via Google Analytics, and whether this data can be connected to other data you have about the end user). You will either get consent from your end users, or provide them with the opportunity to opt-out from the implementations and features you use.

You will not upload any data that allows Google to personally identify an individual (such as certain names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form.

Since Google’s own opt-out link only opts you out from the specific device you are on, you will have to implement another manual way for people to opt-out. The easiest way to do this is to implement a process in which people can opt-out via email.

What are the steps included?

Quick Start Guide

Have a privacy policy in place and tell users about your use of Google Analytics and User ID;

Tell them that they can oppose to the collection in that way;

Do not send Google any data that allows them to personally identify your users;

iubenda and Universal Analytics/User ID

We have introduced a slightly changed clause for the use with User ID soon allowing you to use this feature along with Google Analytics. The clause is called “User ID extension” and can be added to your iubenda privacy policy from the iubenda dashboard.

The software, materials and assistance provided by iubenda have the only purpose of helping users with compliance regarding their legal requirements. In particular, the templates iubenda provides are generated automatically, yet every word of our template has been written and continuously revised by a skilled legal team. However, as can be easily understood, nothing can substitute a professional legal consultancy in the drafting of your privacy policy, cookie policy or of any other legal document or compliance procedure. Our service does its best to provide you with a starting point, like an extremely sophisticated templates book, but even if we strive to provide the best assistance possible, we cannot guarantee any conformity with the law, which only a lawyer can do. Nothing on this site, therefore, shall be considered legal advice and no attorney-client relationship is established. Please note that in some cases, depending on your legislation, further actions may be required to make your activity compliant with the law.